PT-2025-37768 · Remyandrade · Employee Management System
Jazeye · Published 2025-09-15 · Updated 2025-12-23
CVE-2025-57117 · CVSS v3.1 5.4 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Rems' Employee Management System version 1.0
Description
A script-injection issue, described as Clickjacking in the original report but tagged XSS on this page, allows remote attackers to execute arbitrary JavaScript in the browser of any user who views the affected page. The issue is present on the 'department.php' page: a malicious payload submitted in the Department Name field when adding a department is stored and later rendered into the page, where it executes as script. In other words, the behaviour described is stored cross-site scripting; the vulnerable parameter is the Department Name field. Exploitation requires no authentication (PR:N) but does require a victim to load the page that renders the stored name (UI:R), which is reflected in the Medium score.
Recommendations
Encode the Department Name on output for the HTML context in which it is rendered (for example, htmlspecialchars with ENT_QUOTES in PHP) on the 'department.php' page and on every other page that prints the stored value; output encoding, not input filtering, is what stops a stored payload from executing. In addition, validate the field on input (length limit and a character allow-list) to keep markup out of the database in the first place. Implement Clickjacking protection by sending anti-framing headers, such as X-Frame-Options: DENY (or SAMEORIGIN) and its modern equivalent Content-Security-Policy: frame-ancestors, so the page cannot be rendered in a third-party iframe; note that these headers mitigate framing attacks only and do not fix the script injection itself.
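The following is an added illustration written for this page, not code from Rems' Employee Management System. It models the flow the description and recommendations above refer to: a Department Name is stored and later printed into an HTML table row. The function names and the constructed payload are assumptions; the vulnerable variant shows the behaviour described, and the hardened variant applies contextual output encoding, an input allow-list and the anti-framing headers.

```php
<?php
// Added example for this advisory page; not the project's own code.
// Models the department.php flow: a Department Name submitted when adding a
// department is stored and later rendered into the department list.
// Function names and the sample payload below are constructed for illustration.

declare(strict_types=1);

// --- Vulnerable pattern (the behaviour the advisory describes) ---
// The stored value is interpolated into HTML unencoded, so a name such as
// <script>...</script> or <img src=x onerror=...> runs in the browser of
// every user who loads the department list.
function render_department_row_vulnerable(string $name): string
{
    return "<tr><td>{$name}</td></tr>";
}

// --- Hardened pattern ---
// 1. Validate on input: a department name is short and never needs markup.
//    This keeps junk out of the database but is not the XSS fix by itself,
//    because other code paths may write the same column.
function validate_department_name(string $name): bool
{
    $name = trim($name);
    // Allow letters (any script), digits, spaces and a little punctuation; cap length.
    return $name !== ''
        && mb_strlen($name) <= 64
        && preg_match('/^[\p{L}\p{N} .,&\'()\-]+$/u', $name) === 1;
}

// 2. Encode on output for the HTML context the value lands in. ENT_QUOTES
//    also encodes the single quote so the value is safe inside 'quoted' attributes.
function render_department_row(string $name): string
{
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return "<tr><td>{$safe}</td></tr>";
}

// 3. Anti-framing headers, sent before any output. X-Frame-Options covers
//    older browsers; CSP frame-ancestors is the current standard. Skipped
//    under the CLI so the demo below can run without a web server.
function send_antiframing_headers(): void
{
    if (PHP_SAPI !== 'cli') {
        header('X-Frame-Options: DENY');
        header("Content-Security-Policy: frame-ancestors 'none'");
    }
}

// Demo on a constructed payload (not taken from the advisory).
send_antiframing_headers();
$payload = '<script>alert(document.domain)</script>';

echo "vulnerable: " . render_department_row_vulnerable($payload) . PHP_EOL;
echo "hardened:   " . render_department_row($payload) . PHP_EOL;
echo "validate payload:        " . (validate_department_name($payload) ? 'accepted' : 'rejected') . PHP_EOL;
echo "validate 'Human Resources': " . (validate_department_name('Human Resources') ? 'accepted' : 'rejected') . PHP_EOL;
```

Run it with `php example.php`: the vulnerable row echoes the script tag verbatim, the hardened row prints `&lt;script&gt;...&lt;/script&gt;`, and the allow-list rejects the payload while accepting an ordinary department name. When the hardened code is deployed behind a web server, confirm the framing protection with `curl -sI` against department.php and check that both the `X-Frame-Options` and `Content-Security-Policy` response headers are present.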
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Employee Management System